Security
IP Source Guard
Cisco 500 Series Stackable Managed Switch Administration Guide 472
21
Enabling IP Source Guard
To enable IP Source Guard globally:
STEP 1 Click Security > IP Source Guard > Properties.
STEP 2 Select Enable to enable IP Source Guard globally.
STEP 3 Click Apply to enable IP Source Guard.
Configuring IP Source Guard on Interfaces
If IP Source Guard is enabled on an untrusted port/LAG, DHCP packets, allowed
by DHCP Snooping, are transmitted. If source IP address filtering is enabled,
packet transmission is permitted as follows:
• IPv4 traffic — Only IPv4 traffic with a source IP address that is associated
with the specific port is permitted.
• Non IPv4 traffic — All non-IPv4 traffic is permitted.
See Interactions with Other Features for more information about enabling IP
Source Guard on interfaces.
To configure IP Source Guard on interfaces:
STEP 1 Click Security > IP Source Guard > Interface Settings.
STEP 2 Select port/LAG from the Filter field and click Go. The ports/LAGs on this unit are
displayed along with the following:
• IP Source Guard —Indicates whether IP Source Guard is enabled on the
port.
• DHCP Snooping Trusted Interface—Indicates whether this is a DHCP trusted
interface.
STEP 3 Select the port/LAG and click Edit. Select Enable in the IP Source Guard field to
enable IP Source Guard on the interface.
STEP 4 Click Apply to copy the setting to the Running Configuration file.
To Next Page
Loading...
